CVE-2015-2206

Priority
Description
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x
before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values
in unknown-language error responses that contain a CSRF token and may be
sent with HTTP compression, which makes it easier for remote attackers to
conduct a BREACH attack and determine this token via a series of crafted
requests.
Notes
tyhicks: "Versions 4.0.x (prior to 4.0.10.9), 4.2.x (prior to 4.2.13.2) and
4.3.x (prior to 4.3.11.1) are affected."
Package
Upstream: released (4:4.4.4-1, 4.3.11.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (4:4.4.5-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (4:4.4.5-1)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): not-affected (4:4.4.5-1)
Patches:
Upstream: https://github.com/phpmyadmin/phpmyadmin/commit/b2f1e895038a5700bf8e81fb9a5da36cbdea0eeb

Updated: 2020-01-29 18:21:21 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)